Ethics, open sources and CI

Are the ethics of listening culturally specific? A conversation with a European CEO got me wondering about the limits on using information found online, but when I talked to an American lawyer, he suggested that there are few—if any—boundaries about such information. The bottom line in the US? Once it's on the web, it's no longer secret.

The question came up in the context of using social media analysis for competitive intelligence. Should companies look for their competitors' secrets online? The SCIP code of ethics doesn't help much; all it really says on the matter is, "comply with all applicable laws, domestic and international."

So, what's the law? I am not a lawyer (IANAL), so I called one. Richard Horowitz concentrates in corporate, international, and security matters; he also teaches and writes in the area of competitive intelligence and security. He asked that I point out that his opinions here are general observations and should not be taken as legal advice.

A not-so-hypothetical exampleI asked Richard about the legal limits on information found online (not including breaking into sites). To make things easier to follow, I used the recent example of an internal Wal-Mart presentation that was posted on Consumerist and later removed in response to a DMCA takedown notice. (If you're interested in the copyright angle on the story, see Jonathan Bailey's comments at Plagiarism Today.)

Consumerist took down the presentation, but it is available through other online sources. The presentation is now in the wild; anyone who wants to find a copy, can. But what of the legal and ethical considerations for companies who would find intelligence value in the presentation?

Our example features four players:

Wal-Mart, the company whose material was improperly released.

The person who gave the confidential material to Consumerist (the "Leaker").

Consumerist, the web-based publisher who received and published the material.

Our hypothetical competitor, who may find useful intelligence in the material.

The relevant areas of concern for the leaker and publisher are trade secret law and computer fraud statutes, depending on the details. But we're interested in the competitor who finds the information online.

The usual hypothetical for discovered secrets is a document found in the street, and the recommended practice is to return it to its owner, even if the company could legally keep it. Companies that receive leaked documents directly also tend to return them to their owners, in part because trade secret law addresses that situation.

Published secrets are not secretOur example is different, because the information has been published. Generally speaking, information that has been published—and thus made public—loses its trade secret protection. If published information isn't a trade secret, trade secret law doesn't govern its use by any member of the public, including a competitor.

Richard didn't see any serious legal risks such that companies couldn't use confidential information that has been published and consequently is now in the public domain. (But you'll ask your own lawyer if you need actual legal advice.)

Ethical considerationsThe SCIP code focuses on issues like conflict of interest and honesty, which don't inform the practice of gathering intelligence from open sources online. Once the legal concerns are out of the way, the ethics question seemed to be settled, too.

I asked Richard if he could see an ethical argument against using the information, which led to a discussion of the Prisoner's Dilemma. Essentially, there's no reason to think that other competitors will refrain from using the information, so why would one choose to avoid it?

Different cultures, different laws?After reading some papers from SCIP and talking to Richard, I was getting a clear picture that companies in the US can probably use confidential information they get from open sources online.

Still, there was that discussion with the European CEO. He felt very strongly that he should not be snooping for information leaked from competitors on behalf of his clients. Are there stronger trade secret laws in Europe, or is this a cultural thing? I know a little (very little) about Europe's privacy laws. Is there something beyond social norms that presents legal or ethical constraints on the use of secrets found online?